News

JavaScript packages with billions of downloads were injected with malicious code in world's largest supply chain hack, geared to steal crypto — a phishing email is all it ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
Scientific American6d

The New Frontier of AI Hacking—Could Online Images Hijack Your Computer?

Artificial-intelligence agents—touted as AI’s next wave—could be vulnerable to malicious code hidden in innocent-looking ...
The Register on MSN5d

Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python

Pro tip, don't install PowerShell commands without approval A team of data thieves has doubled down by developing its ...

Coinbase’s preferred AI coding tool can be hijacked by new virus

Cybersecurity firm HiddenLayer says a new virus can infect popular AI tools, including one widely used at crypto exchange ...
InfoWorld2d

How to spin Python’s challenges into AI gold

The multitude of Python tools makes for many choices and many potential pitfalls. Streamline your AI projects by ...

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...

Hackers hide behind Tor in exposed Docker API breaches

A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could ...
Interesting Engineering on MSN3d

New 'benevolent hacking' method could prevent AI models from giving rogue prompts

Researchers have unveiled a technique to keep AI safeguards intact, even when models are trimmed down for smaller, low-power devices.
The Hacker News5d

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

CastleRAT and CastleLoader, active since March 2025, spread malware via phishing and GitHub repos, enabling data theft.